--- pgp/doc/setup.doc 2018/04/24 16:41:32 1.1.1.3 +++ pgp/doc/setup.doc 2018/04/24 16:43:58 1.1.1.5 @@ -1,270 +1,350 @@ - Pretty Good Privacy version 2.5 - Installation Guide by Perry Metzger - Edited for 2.5 by Colin Plumb and others - - -How to Install PGP -================== - -The first question is, what platform are you on? - -The base PGP 2.5 distribution runs on several varieties of Unix, MS-DOS -and VAX VMS. Ports can be expected shortly to the Atari, Amiga, and -possibly other systems. Naturally, installation instructions differ -depending on your hardware. Separate instructions are provided here for -MSDOS and Unix. - -No matter what the machine you are on, though, do this... - -STEP 1: -READ THE DOCUMENTATION. At least read Volume I of the PGP User's -Guide. Cryptography software is easy to misuse, and if you don't use -it properly much of the security you could gain by using it will be -lost! You might also be unfamiliar with the concepts behind public key -cryptography; the manual explains these ideas. Even if you are already -familiar with public key cryptography, it is important that you -understand the various security issues associated with using PGP. PGP -may be an unpickable lock, but you have to install it in the door -properly or it won't provide security. - -See the section below for your system's particular installation -instructions. - -If you do not have any of these systems, you will either have to port -the sources to your machine or find someone who has already done so. - -###################################################################### -For MSDOS: - -PGP is distributed in a compressed archive format, which keeps all -the relevant files grouped together, and also saves disk space and -transmission time. - -The current version, 2.5, is archived with the ZIP utility, and the -PGP executable binary release system is in a file named PGP25.ZIP. -This contains the executable program, the user documentation, the -RSAREF 2.0 license, and a few keys and signatures. There is also a -second file available containing the C and assembly source code, -called PGP25SRC.ZIP. If you are a programmer, this may be of interest -to you. This should be available from the same source from which you -got PGP25.ZIP. If not, and you want it, see the Licensing and -Distribution section of the PGP User's Guide. - -You will need PKUNZIP version 1.1 or later to uncompress and split -the PGP25.ZIP archive file into individual files. PKUNZIP is -shareware and is widely available on MSDOS machines. - -Create a directory for the PGP files. For this description, let's -use the directory C:\PGP as an example, but you should substitute -your own disk and directory name if you use something different. -Type these commands to make the new directory: - - c: - md \pgp - cd \pgp - -Uncompress the distribution file PGP25.ZIP to the directory. For -this example, we will assume the file is on floppy drive A - if not, -substitute your own file location. - - pkunzip -d a:pgp25 - -If you omit the -d flag, all the files in the doc subdirectory will -be deposited in the pgp directory. This merely causes clutter. - - -Setting the Environment ------------------------ - -Next, you can set an MSDOS "environment variable" to let PGP know -where to find its special files, in case you use it from other than -the default PGP directory. Use your favorite text editor to add the -following lines to your AUTOEXEC.BAT file (usually on your C: drive): - - SET PGPPATH=C:\PGP - SET PATH=C:\PGP;%PATH% - -Substitute your own directory name if different from "C:\PGP". - -The CONFIG.TXT file contains various preferences. You can change -the language PGP operates in, and the character set it uses. The -IBM PC's default character set, "Code Page 850" will be used if the -line "charset = cp850" appears in the config.txt file. You probably -want to add that line. - -Another environmental variable you should set in MSDOS is "TZ", which -tells MSDOS what time zone you are in, which helps PGP create GMT -timestamps for its keys and signatures. If you properly define TZ in -AUTOEXEC.BAT, then MSDOS gives you good GMT timestamps, and will -handle daylight savings time adjustments for you. Here are some -sample lines to insert into AUTOEXEC.BAT, depending on your time -zone: - -For Los Angeles: SET TZ=PST8PDT -For Denver: SET TZ=MST7MDT -For Arizona: SET TZ=MST7 - (Arizona never uses daylight savings time) -For Chicago: SET TZ=CST6CDT -For New York: SET TZ=EST5EDT -For London: SET TZ=GMT0BST -For Amsterdam: SET TZ=MET-1DST -For Moscow: SET TZ=MSK-3MSD -For Aukland: SET TZ=NZT-13 - -Now reboot your system to run AUTOEXEC.BAT, which will set up -PGPPATH and TZ for you. - - - -Generating Your First Key -------------------------- - -One of the first things you will want to do to really use PGP (other -than to test itself) is to generate your own key. This is described in -more detail in the "RSA Key Generation" section of the PGP User's -Guide. Remember that your key becomes something like your written -signature or your bank card code number or even a house key - keep it -secret and keep it secure! Use a long, unguessable pass phrase and -remember it. Right after you generate a key, put it on your key rings -and copy your secret keyring (SECRING.PGP) to a blank floppy and write -protect the floppy. - -If you are a first-time user of PGP, it is a good idea to generate -a short test key, with a short passphrase, to play around with PGP -for a little bit and see how it works, or even more than one so -you can pretend to be sending messages between two different people. -Since you won't be guarding any secrets, this can be short and have -a simple pass phrase. But when you generate your permanent key, -that you intend to give to others so they can send secure messages -to you, be much more careful. - -After you generate your own key pair, you can add a few more public -keys to your key ring. A collection of sample public keys is -provided with the release in the file KEYS.ASC. To add them to your -public key ring, see the PGP User's Guide, in the section on adding -keys to your key ring. - - -###################################################################### -For UNIX: - -You likely will have to compile PGP for your system; to do this, first -make sure the unpacked files are in the correct unix textfile format -(the files in pgp23src.zip are in MSDOS CRLF format, so for Unix you -must unpack with "unzip -a"; the tar file pgp23.tar.Z uses normal Unix -line feed conventions). Then copy the file "makefile.unx" in the -distribution to "Makefile". - -Then, you will need the March 16, 1994 release of the RSAREF 2.0 -package. It is included with the PGP 2.5 distribution from MIT. It -should be unpacked in a directory named "rsaref2" that is a sibling of -the directory that PGP is unpacked in. (If you use a different -location, you will have to modify the Makefile and rsaglue2.c.) - -Make a directory rsaref2/unix, copy the makefile over from -rsaref2/install/unix, and build the rsaref.a library. The RSAREF -package has more detailed instructions. - -If you don't have an ANSI C compiler you will need the unproto package -written by Wietse Venema. unproto was posted on comp.sources.misc and -can be obtained from the various sites that archive this newsgroup -(volume 23: v23i012 and v23i013) or ftp.win.tue.nl file: -/pub/programming/unproto4.shar.Z Read the file README in the unproto -distribution for instructions on how to use unproto. The unix makefile -for pgp (makefile.unx) contains a few targets for compliling with -unproto, these assume you have unpacked unproto in a subdirectory -"unproto" in the pgp "src" directory. - - -Then... - -type: - "make sungcc" for Sun with GNU gcc - "make suncc" for Sun with cc and unproto - "make sysv_386" for SVR4 386 with asm primitives - "make x286" for XENIX/286 with asm primitives and unproto - "make ultrix" for DEC 4.2BSD Ultrix with gcc - "make rs6000" for RS6000 AIX - "make irix_asm" for IRIX with asm primitives - "make" to list the available platforms - -There are more targets in makefile.unx. If your system doesn't have -a target in makefile.unx you will have to edit the makefile, make -sure you compile for the correct byte order for your system: define -HIGHFIRST if your system is big-endian (eg. Motorola 68030). -There are also some platform-specific parameters in the include file -"platform.h". Some platforms may have to modify this file. - -If all goes well, you will end up with an executable file called "pgp". - -Before you install pgp, run these tests: -(do not create your real public key yet, this is just for testing pgp) - -- create a public/secret key pair (enter "test" as userid/password): - pgp -kg - -- add the sample keys from the file "keys.asc" to the public keyring: - pgp -ka keys.asc - pgp will ask if you want to sign the keys you are adding, answer yes - for at least one key. - -- do a keyring check: - pgp -kc - -- encrypt pgpdoc1.txt: - pgp -e pgpdoc1.txt test -o testfile.pgp - -- decrypt this file: - pgp testfile.pgp - -this should produce the file "testfile" compare this file with pgpdoc1.txt - -If everything went well, install pgp in a bin directory. - -Place the documentation, pgpdoc1.txt and pgpdoc2.txt somewhere where -you can reasonably read it. The software looks for it when running -(especially generating keys), so someplace reasonably obvious would -be good. "pgp -kg" will give you full details if it can't find the -manuals. - -Place the man page (pgp.1) in an appropriate spot. If you don't know -anything about how man pages work, you can make the man page look -human readable yourself by typing "nroff -man pgp.1 >pgp.man" and -reading "pgp.man". - -Create a subdirectory somewhere in your home directory hierarchy to -hold your public and private key rings and anything else pgp might need -(like the language.txt file). The default name PGP assumes is ~/.pgp. -If you want to use a different name, you must set the environment -variable "PGPPATH" to point to this place before you use the system. - -> IMPORTANT: This directory cannot be shared! It will contain your < -> personal private keys! < - -If you are installing PGP for yourself, copy the files "language.txt", -"config.txt", and the ".hlp" files from the distribution into this -subdirectory. - -If you are installing PGP system-wide, the directory to use is -/usr/local/lib/pgp for the config, language and help files. -This can be changed in fileio.h when compiling. It's the value -of PGP_SYSTEM_DIR. - -Tell PGP the character set and language you wish to use in the config.txt -file. If you have a terminal that only displays 7-bit ASCII, use -"charset=ascii" to display an approximation (accents are omitted) of -extended characters. - ->> IMPORTANT: Please read the sections in the man page and manual << ->> about vulnerabilities before using this software on a multi- << ->> user machine! << - -Now, if you haven't done so yet, GO READ THE MANUAL. - - -###################################################################### -For VMS: - -Read the file readme.vms in the doc subdirectory - -###################################################################### +-----BEGIN PGP SIGNED MESSAGE----- + + Pretty Good Privacy Version 2.6.1 + Installation Guide + + by Perry Metzger, Colin Plumb, Derek Atkins, + Jeffrey I. Schiller and others + +How to Install PGP +================== + +The first question is, what platform are you on? + +The base PGP 2.6.1 distribution runs on several varieties of Unix, +MS-DOS and VAX VMS (though we haven't compiled it ourselves there yet). +Ports can be expected shortly to the Atari, Amiga, and possibly other +systems. Naturally, installation instructions differ depending on your +hardware. Separate instructions are provided here for MSDOS and Unix. + +See the section below for your system's particular installation +instructions. + +If you do not have any of these systems, you will either have to port +the sources to your machine or find someone who has already done so. + +######################################################################## +For MSDOS: + +PGP is distributed in a compressed archive format, which keeps all the +relevant files grouped together, and also saves disk space and +transmission time. + +The current version, 2.6.1, is archived with the ZIP utility, and the +PGP executable binary release system is in a file named PGP261.ZIP. +This contains the executable program, the user documentation, the RSAREF +license, and a few keys and signatures. There is also a second file +available containing the C and assembly source code, called PGP261S.ZIP. +If you are a programmer, this may be of interest to you. This should be +available from the same source from which you got PGP261.ZIP. If not, +and you want it, see the Licensing and Distribution section of the PGP +User's Guide. + +You will need PKUNZIP version 1.1 or later to uncompress and split the +PGP26.ZIP archive file into individual files. PKUNZIP is shareware and +is widely available on MSDOS machines. + +Create a directory for the PGP files. For this description, let's use +the directory C:\PGP26 as an example, but you should substitute your own +disk and directory name if you use something different. Type these +commands to make the new directory: + + c: + md \pgp26 + cd \pgp26 + +Uncompress the distribution file PGP261.ZIP to the directory. For this +example, we will assume the file is on floppy drive A - if not, +substitute your own file location. + + pkunzip -d a:pgp261 + +This will create the file PGP261I.ZIP and PGP261I.ASC. Unzip +PGP261I.ZIP with the command: + + pkunzip -d pgp261i + +If you omit the -d flag, all the files in the doc subdirectory will be +deposited in the pgp directory. This merely causes clutter. + +Keep the PGP261I.ZIP file around. Once you have PGP working you can use +PGP261I.ASC to verify the digital signature on PGP261I.ZIP. It should +come from Jeffrey I. Schiller (whose key is included in keys.asc). + + Setting the Environment + ----------------------- + +Next, you can set an MSDOS "environment variable" to let PGP know where +to find its special files, in case you use it from other than the +default PGP directory. Use your favorite text editor to add the +following lines to your AUTOEXEC.BAT file (usually on your C: drive): + + SET PGPPATH=C:\PGP26 + SET PATH=C:\PGP26;%PATH% + +Substitute your own directory name if different from "C:\PGP26". + +The CONFIG.TXT file contains various preferences. You can change the +language PGP operates in, and the character set it uses. The IBM PC's +default character set, "Code Page 850" will be used if the line "charset += cp850" appears in the config.txt file. You probably want to add that +line. + +Another environmental variable you should set in MSDOS is "TZ", which +tells MSDOS what time zone you are in, which helps PGP create GMT +timestamps for its keys and signatures. If you properly define TZ in +AUTOEXEC.BAT, then MSDOS gives you good GMT timestamps, and will handle +daylight savings time adjustments for you. Here are some sample lines +to insert into AUTOEXEC.BAT, depending on your time zone: + +For Los Angeles: SET TZ=PST8PDT +For Denver: SET TZ=MST7MDT +For Arizona: SET TZ=MST7 + (Arizona never uses daylight savings time) +For Chicago: SET TZ=CST6CDT +For New York: SET TZ=EST5EDT +For London: SET TZ=GMT0BST +For Amsterdam: SET TZ=MET-1DST +For Moscow: SET TZ=MSK-3MSD +For Aukland: SET TZ=NZT-13 + +Now reboot your system to run AUTOEXEC.BAT, which will set up PGPPATH +and TZ for you. + + Generating Your First Key + ------------------------- + +One of the first things you will want to do to really use PGP (other +than to test itself) is to generate your own key. This is described in +more detail in the "RSA Key Generation" section of the PGP User's Guide. +Remember that your key becomes something like your written signature or +your bank card code number or even a house key - keep it secret and keep +it secure! Use a long, unguessable pass phrase and remember it. Right +after you generate a key, put it on your key rings and copy your secret +keyring (SECRING.PGP) to a blank floppy and write protect the floppy. + +If you are a first-time user of PGP, it is a good idea to generate a +short test key, with a short passphrase, to play around with PGP for a +little bit and see how it works, or even more than one so you can +pretend to be sending messages between two different people. Since you +won't be guarding any secrets, this can be short and have a simple pass +phrase. But when you generate your permanent key, that you intend to +give to others so they can send secure messages to you, be much more +careful. + +After you generate your own key pair, you can add a few more public keys +to your key ring. A collection of sample public keys is provided with +the release in the file KEYS.ASC. To add them to your public key ring, +see the PGP User's Guide, in the section on adding keys to your key +ring. + + Verifying the PGP distribution + ------------------------------ + +Now that you have PGP up and running and have read in the KEYS.ASC file +you can now verify the integrity of the original distribution. To do +this type: + + pgp pgp261i.asc + +It will inform you that pgp261i.asc contains a signature but no text. +It may then ask you to provide the name of the file that it applies to. +Type in "pgp261i.zip", the internal ZIP file. + +PGP should tell you that it has a Good Signature from: + +Jeffrey I. Schiller + +It will also tell you that it doesn't "trust" my (jis@mit.edu) key. +This is because PGP does not *know* that the enclosed key really belongs +to me. Don't worry about this now. Read the section "How to Protect +Public Keys from Tampering" in Volume 1 of the PGP manual. + + READ THE FINE MANUAL (RTFM) + --------------------------- + +READ THE DOCUMENTATION. At least read Volume I of the PGP User's Guide. +Cryptography software is easy to misuse, and if you don't use it +properly much of the security you could gain by using it will be lost! +You might also be unfamiliar with the concepts behind public key +cryptography; the manual explains these ideas. Even if you are already +familiar with public key cryptography, it is important that you +understand the various security issues associated with using PGP. PGP +may be an unpickable lock, but you have to install it in the door +properly or it won't provide security. + +######################################################################## +For UNIX: + +You likely will have to compile PGP for your system; to do this, first +make sure the unpacked files are in the correct unix textfile format +(the files in pgp261s.zip are in MSDOS CRLF format, so for Unix you must +unpack with "unzip -a"; the tar files pgp261s.tar.Z and pgp261s.tar.gz +use normal Unix line feed conventions). + +You will need the RSAREF package written by RSA Data Security. It is +included with the PGP 2.6.1 distribution from MIT. Use this version as +it has been edited for the larger key sizes needed by PGP 2.6.1 as well +as to improve performance. + +When you untar pgp261s.tar (either compression format) you will find +that it contains 5 files. pgp261si.tar contains all non-binary files for +PGP including all source code. This tar archive has been created +assuming that you will untar it directly into your PGP 2.6.1 "build" +directory. pgp261si.asc is a detached digital signature of pgp261si.tar +(which you can verify after you have PGP operating, see the section +above titled "Verifying the PGP Distribution"). rsaref.tar contains the +source code for the RSAREF distribution. You should also untar it from +your PGP "build" directory. All RSAREF software will automatically go +into an "rsaref" subdirectory. + +cd to rsaref/install/unix and invoke the "make" command there to build +the RSAREF software library. + +RSAREF tries to build with the GNU CC compiler by default. If you do +not have the GCC compiler for your platform, you will have to run make +with an option to use the normal CC compiler: + + make CC=cc + +If your native compiler does not understand prototypes, then this will +fail as well, and you will have to set the PROTOTYPES to 0. You can do +this by running make in this manner: + + make CC=cc PROTOTYPES=0 + +This will try to create an rsaref.a library in the current directory. +One last problem you may have is the lack of a ranlib program on your +platform. You can fix this by adding this to your make line: + + RANLIB=true + +After RSAREF is successfully built, cd to src (cd ../../../src from the +RSAREF install/unix directory) and invoke "make" there. You will have +to specify your machine platform (make without arguments will give you a +list of choices). + +If you don't have an ANSI C compiler you will need the unproto package +written by Wietse Venema. unproto was posted on comp.sources.misc and +can be obtained from the various sites that archive this newsgroup +(volume 23: v23i012 and v23i013) or ftp.win.tue.nl file: +/pub/programming/unproto4.shar.Z Read the file README in the unproto +distribution for instructions on how to use unproto. + +If your system doesn't have a target in the makefile you will have to +edit the makefile, make sure you compile for the correct byte order for +your system: define HIGHFIRST if your system is big-endian (eg. +Motorola 68030). There are also some platform-specific parameters in +the include file "platform.h". Some platforms may have to modify this +file. + +If you successfully create a target rule for a new platform, please send +the patches to pgp-bugs@mit.edu, so it can be added to the next release. + +Note: PGP 2.6.1 requires the function memmove. Not all machines have +this in the standard C library. There is an implementation of memmove +included with this distribution. If you find that your platform +requires memmove, but the makefile rule for your platform does not +include memmove (look at the sun4gcc or sun386i rules for an example of +how to include it), please send mail to pgp-bugs@mit.edu, so we can +correct the problem. + +If you have any problems, bugs, patches, etc., please send mail to +pgp-bugs@mit.edu! + +If all goes well, you will end up with an executable file called "pgp". + +Before you install pgp, run these tests: +(do not create your real public key yet, this is just for testing pgp) + + - create a public/secret key pair (enter "test" as userid/password): + pgp -kg + + - add the keys from the file "keys.asc" to the public keyring: + pgp -ka keys.asc + pgp will ask if you want to sign the keys you are adding, answer yes + for at least one key. + + - do a keyring check: + pgp -kc + + - encrypt pgpdoc1.txt: + pgp -e pgpdoc1.txt test -o testfile.pgp + + - decrypt this file: + pgp testfile.pgp + +this should produce the file "testfile" compare this file with +pgpdoc1.txt + +If everything went well, install pgp in a bin directory. + +Place the documentation, pgpdoc1.txt and pgpdoc2.txt somewhere where you +can reasonably read it. The software looks for it when running +(especially generating keys), so someplace reasonably obvious would be +good. "pgp -kg" will give you full details if it can't find the +manuals. + +Place the man page (pgp.1) in an appropriate spot. If you don't know +anything about how man pages work, you can make the man page look human +readable yourself by typing "nroff -man pgp.1 >pgp.man" and reading +"pgp.man". + +Create a subdirectory somewhere in your home directory hierarchy to hold +your public and private key rings and anything else pgp might need (like +the language.txt file). The default name PGP assumes is ~/.pgp. If you +want to use a different name, you must set the environment variable +"PGPPATH" to point to this place before you use the system. + +> IMPORTANT: This directory cannot be shared! It will contain your < +> personal private keys! < + +If you are installing PGP for yourself, copy the files "language.txt", +"config.txt", and the ".hlp" files from the distribution into this +subdirectory. + +If you are installing PGP system-wide, the directory to use is +/usr/local/lib/pgp for the config, language and help files. This can be +changed in fileio.h when compiling. It's the value of PGP_SYSTEM_DIR. + +Tell PGP the character set and language you wish to use in the +config.txt file. If you have a terminal that only displays 7-bit ASCII, +use "charset=ascii" to display an approximation (accents are omitted) of +extended characters. + +>> IMPORTANT: Please read the sections in the man page and manual << +>> about vulnerabilities before using this software on a multi- << +>> user machine! << + +Now, if you haven't done so yet, GO READ THE MANUAL. + +######################################################################## +For VMS: + + PGP/VMS Version 2.6.1 + --------------------- + +***THIS MAY OR MAY NOT WORK***. + +The pgp26/vmsbuild contains support files for building a VMS version of +PGP 2.6.1. We at MIT have not tested this code out, but it should work +without too much effort. See the file: vmsbuild/000read.me. + +In particular, PGP 2.6.1 needs to be linked with the RSAREF library. +David North has provided a build file "vmsbuild/rsabuild.com" that +should help in building RSAREF. + +If you can figure out how to compile it, it SHOULD work. One change is +that PGP can now look for support files in a system-wide directory. The +default (PGP_SYSTEM_DIR, defined in fileio.h) is PGP$LIBRARY:, but you +can change that if you like. + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.1 + +iQCVAwUBLmuzYcUtR20Nv5BtAQEwnwP9FqPOE9aEet4+qtTXTW5YNrpqwvQxF0/h +ytH2WYMgA0HFRIZN9Crx5SQBX8syqaEZs0GPxOoLPVPCHVV8G3Dg3L8f72kwRAC+ +J2Z+XBt49RwwRIWm+MmWfG5IwS4OlAXTe+IDxgdViXuDDNVoWysGaWJSW+hv+yry +xU9pY5AYBKc= +=8s1o +-----END PGP SIGNATURE-----